DKIM For The Masses

Google announced today they have added the ability for Google Apps customers to sign outbound email using the DKIM (DomainKeys Identified Mail) standard.

You can set it up for your own Google Apps domain (if you are the domain admin) using these instructions.

It’s a simple process but the trickiest part can be creating the DNS TXT record (which contains your DKIM public key), depending on how you manage your DNS. If you are serving DNS directly via your registrar, Google has some specific instructions for popular domain hosts.

Checking your work

Here’s a quick tip for checking that you created the record properly and that it is being served…

From a shell/console (using your own domain name, of course):

dig google._domainkey.protodave.com TXT

This should return the DNS TXT record you created. In my case the response is:

This is the record:-
google._domainkey 86400 IN TXT “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzS1CzUSzUHGRw4cz4vVrl2iktW53o2xGK1FzGsSyRT9Rsy8YjMSrTm+ylnUr/MfBz/ixjDI4NDsLuGPHao7g+T96o09sozD+9tMHAgVz8aFgmjdt402wcxCQoK25dKdvTM1droFAYh28qNjg2c6KcULY6224WIljdGhbMEDX/OQIDAQAB”

I haven’t used YADIFA before, but I just downloaded the code and took a quick look at the parse_pstring function in lib/dnscore/src/parsing.c, where those parse errors are being checked. It looks like it should be capable of parsing DKIM TXT records properly, so my guess is that you might just have some accidental special characters pasted into your record. Could you check and make sure you don’t have any newlines, smart quotes or spaces, etc. in that record in your zone file?
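The checks suggested in the reply above (newlines, smart quotes, stray spaces), written as a small Python linter for the text of a DKIM TXT record as pasted from a zone file or from dig output. This is an added example, not code from the post or from YADIFA; the function name lint_dkim_txt and the sample key bytes are constructed for illustration.

```python
import base64
import binascii
import re

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes picked up from web pages or e-mail

def lint_dkim_txt(rdata: str) -> list[str]:
    """Return the paste problems found in the text of a DKIM key record."""
    problems = []
    if any(ch in rdata for ch in SMART_QUOTES):
        problems.append("smart quotes")
        # Normalise so the remaining checks can still run.
        rdata = rdata.replace("\u201c", '"').replace("\u201d", '"')
    if "\n" in rdata or "\r" in rdata:
        problems.append("newline")
    # A TXT record may be served as several quoted strings (each at most
    # 255 bytes); resolvers and verifiers concatenate them, so do the same.
    chunks = re.findall(r'"([^"]*)"', rdata)
    text = "".join(chunks) if chunks else rdata
    tags = {}
    for part in text.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            problems.append(f"malformed tag: {part.strip()!r}")
            continue
        tags[name.strip()] = value.strip()
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    p = tags.get("p", "")
    if not p:
        problems.append("p= missing or empty")
    elif any(c.isspace() for c in p):
        problems.append("whitespace inside p=")
    else:
        try:
            base64.b64decode(p, validate=True)
        except binascii.Error:
            problems.append("p= is not valid base64")
    return problems

# Constructed placeholder bytes, not a real public key.
SAMPLE_P = base64.b64encode(bytes(range(96))).decode()

if __name__ == "__main__":
    pasted = f"\u201cv=DKIM1; k=rsa; p={SAMPLE_P}\u201d"  # constructed sample
    print(lint_dkim_txt(pasted))
```

An empty result means none of these paste problems were found; it does not confirm that the key matches the one the signing service holds.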

Thanks for the shell command! It was exactly what I was looking for. (I used “dig -t txt mydomain.com” and it didn’t return the DKIM TXT record, but now I have the right syntax. And the Google Apps-specific example was perfect!)